Implementing QoS is about classification, marking, then the queueing. From
that, follow these steps:
(1) create access-list to identify the traffic
(2) create class-maps to identify types of traffic
(3) create a policy-map to modify the traffic
(4) apply the policy-map to a direction on an interface

Forget this line from your access-list: "permit tcp any eq 3389 any eq
3389". It is not what remote desktop protocol uses. The source port is a
"random/sequential" and the destination port is TCP 3389.

The direction of the serivce policy is based on which direction the traffic
will be going to get to the remote desktop protocol server. This is also
impacting to the actual line of the access-list which is relevant. In my
example above, the traffic was tagged AF41 but not affected in limiting the
bandwidth. You can do what you want from here. This configuration was
tested in a lab environment on Cisco 2600 series routers.